Feature Request: Existing password needed while changing password

[Siddhesh777]

Is your feature request related to a problem? Please describe.

I will never like that someone changes password of my account. In /profile route there is a provision for changing the password. To change the current password, user must enter the existing password, If it doesn't match then password should not change.

Describe the solution you'd like.

We should take current password as input from user. if it matched ,let the user change the password, else he/she can't.

Additional context (if any)

I am contributor at gssoc'22. Please assign this task to me

[github-actions[bot]]

Hey @Siddhesh777 👋, thank you for raising an issue. Please make sure that it is detailed, and also following the provided template.

[varunKT001]

@Siddhesh777 Good idea 🚀

But that will require some firebase stuff, and I hope you are comfortable with firebase.

If you need any help, ping me on the TomperWear discord channel 👍

[Siddhesh777]

hey @varunKT001 😅 Just needed small help. I learned all the basic stuffs of firebase but I am unable to know how can we compare the the existing password of currentUser. Can you help me for this?😅

[varunKT001]

@Siddhesh777 There is no specific method just to compare passwords. What you can do is to use reauthenticateWithCredential method provided by firebase. For this, you have to provide the user's email (which is already in the currentUser state) and the current password. If the authentication was successful, you can update the password, otherwise, you can show an error message 👍

Refer to firebase docs for more info: https://firebase.google.com/docs/auth/web/manage-users#re-authenticate_a_user

[Siddhesh777]

Thank you very much @varunKT001

[Siddhesh777]

hey @varunKT001 I am trying to solve this issue from long. But I am getting following error,Can you please guide me how can I correct it?

[varunKT001]

@Siddhesh777 Before moving to the error:

• As the project is structured, all the main logic should reside in the context. You have to update the updateUserProfilePassword function in src/context/user_context.js. In the src/pages/ProfilePage/index.js you have to only catch the errors (if any) and show the toast 👍
• Also, instead of auth.currentUser, you can use the currentUser state which is exposed using useUserContext hook. But since you have to implement the logic in the user_context.js itself, you can directly use the currentUser state.

Coming to the error:

• The error says that it cannot access the credential method of auth.EmailAuthProvider as it is undefined. This is happening because, in firebase v9, the method has been updated. It's now:

const credentials = EmailAuthProvider.credentials(currentUser.email, existingPassword)

You don't have to use auth.EmailAuthProvider now . . .

Try it, and if the problem still persists, tag me here, I'll look into it 👍